In Xen 4.7 we are refactoring parts libxenctrl into a number of
separate libraries which will provide backward and forward API and ABI
compatiblity.
Specifically libxenevtchn, libxengnttab and libxenforeignmemory.
Previous patches have already laid the groundwork for using these by
switching the existing compatibility shims to reflect the intefaces to
these libraries.
So all which remains is to update configure to detect the libraries
and enable their use. Although they are notionally independent we take
an all or nothing approach to the three libraries since they were
added at the same time.
The only non-obvious bit is that we now open a proper xenforeignmemory
handle for xen_fmem instead of reusing the xen_xc handle.
Build tested with 4.0 .. 4.6 (inclusive) and the patches targetting
4.7 which adds these libraries.
This uses CONFIG_XEN_CTRL_INTERFACE_VERSION == 471 to cover the
introduction of these new interfaces.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Found thanks to shellcheck!
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Unfortunately the OpenBSD pdksh does not like brackets inside
the right part of a ${variable+word} parameter expansion:
$ echo "${a+($b)}"
ksh: ${a+($b)}": bad substitution
though both bash and dash accept them. In any case this line
was causing odd output in the case where nettle is not present:
nettle no ()
(because if nettle is not present then $nettle will be "no",
not a null string or unset).
Rewrite it to just use an if.
This bug was originally introduced in becaeb726 and was present
in the 2.4.0 release.
Fixes: https://bugs.launchpad.net/qemu/+bug/1525682
Reported-by: Dmitrij D. Czarkoff
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1450105357-8516-1-git-send-email-peter.maydell@linaro.org
Implement a QIOChannel subclass that supports sockets I/O.
The implementation is able to manage a single socket file
descriptor, whether a TCP/UNIX listener, TCP/UNIX connection,
or a UDP datagram. It provides APIs which can listen and
connect either asynchronously or synchronously. Since there
is no asynchronous DNS lookup API available, it uses the
QIOTask helper for spawning a background thread to ensure
non-blocking operation.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
The check for stack-protector support consisted in compiling and linking
the test program below (output by function write_c_skeleton()) with the
compiler flag -fstack-protector-strong first and then with
-fstack-protector-all if the first one failed to work:
int main(void) { return 0; }
This caused false positives when using certain toolchains in which the
compiler accepted -fstack-protector-strong but no support was provided
by the C library, since for this stack-protector variant the compiler
emits canary code only for functions that meet specific conditions
(local arrays, memory references to local variables, etc.) and the code
fragment under test included none of them (hence no stack protection
code generated, no link failure).
This fix changes the test program used for -fstack-protector checks to
include a function that meets conditions which cause the compiler to
generate canary code in all variants.
Signed-off-by: Rodrigo Rebello <rprebello@gmail.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Currently if the user's compiler works for creating .o files but
their linker is broken such that compiling an executable from a
C file does not work, we will report a misleading error message
about the compiler not supporting __thread (since that happens
to be the first test we run which requires a working linker).
Explicitly check that compile_prog works as well as compile_object,
so that people whose toolchain setup is broken get a more helpful
error message.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
QEMU uses threads / coroutines, therefore support for thread local storage
and thread safe libraries (-D_MT) must be enabled by using -mthreads.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Fixes all over the place.
This also re-enables a test we disabled in 2.5 cycle
now that there's a way not to get a warning from it.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJWTc5PAAoJECgfDbjSjVRpCJEH/jh1CeWCG7zRBXelWK2F5Cgr
ls+V1sCX7NvkfCa3cDZI8imGjYQUr6EiXtqxPArEVMjmUOUzEHPkOx3ICPpfMU7o
RCVNPELav6VBhGDf3mcIVjlDDN9Syhd90xdgaD8dbeSA0UJFHRTdobNlYpYwiRmp
OAASUawEWLGA5cG+W6MBFWiPQWChpNRK3yK3RVduL71TIe4heuHBez4qTB2QKYvF
KM2nRvpkBY21frXJQqWPlCJ6jsdjI/Fl2xR1t4C9qv0TKcB9FESMmH3Jff2bwMQM
8OSnTIRqYaqT6kJkk3Kns8a+porJMnn69OwBRehLmLW/rmx9HQrR2Ey7bYtgd0Y=
=CrrY
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
vhost, pc: fixes for 2.5
Fixes all over the place.
This also re-enables a test we disabled in 2.5 cycle
now that there's a way not to get a warning from it.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Thu 19 Nov 2015 13:27:43 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
* remotes/mst/tags/for_upstream:
exec: silence hugetlbfs warning under qtest
tests: re-enable vhost-user-test
acpi: fix buffer overrun on migration
vhost-user: fix log size
vhost-user: ignore qemu-only features
specs/vhost-user: fix spec to match reality
tests/vhost-user-bridge: implement logging of dirty pages
i440fx: print an error message if user tries to enable iommu
q35: Check propery to determine if iommu is set
vhost-user: start/stop all rings
vhost-user: print original request on error
vhost-user-test: support VHOST_USER_SET_VRING_ENABLE
vhost-user: update spec description
vhost: don't send RESET_OWNER at stop
vhost: let SET_VRING_ENABLE message depends on protocol feature
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit 7fe34ca9c2 actually disabled vhost-user-test altogether,
since CONFIG_VHOST_NET is a per-target config variable.
tests/vhost-user-test is already x86/x64 softmmu specific test, in order
to enable it correctly, kvm & vhost-net are also conditions. To check
that, set CONFIG_VHOST_NET_TEST_$target when kvm is also enabled.
Since "check-qtest-x86_64-y = $(check-qtest-i386-y)", avoid duplication
when both x86 & x64 are enabled.
Other targets than x86 aren't enabled yet, and is intentionally left as
a future improvement, since I can't easily test those.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Drop the libseccomp required version back to 2.1.0, restoring the ability
to build w/ --enable-seccomp on Ubuntu 14.04.
Commit 4cc47f8b3c tightened the dependency
on libseccomp from version 2.1.0 to 2.1.1. This broke building on Ubuntu
14.04, the current Ubuntu LTS release. The commit message didn't mention
any specific functional need for 2.1.1, just that it was the most recent
stable version at the time. I reviewed the changes between 2.1.0 and 2.1.1,
but it looks like that update just contained minor fixes and cleanups - no
obvious (to me) new interfaces or critical bug fixes.
Signed-off-by: dann frazier <dann.frazier@canonical.com>
Acked-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>
This is a revert of ae6e8ef11e, but with a bit of refactoring,
and also specifically adding arm/aarch64, rather than all
architectures. Currently, libseccomp code appears to also support
mips, ppc, and s390. We could therefore allow qemu to enable
seccomp for those platforms as well, with additional configure
patches, given they're tested and proven to work.
Signed-off-by: Andrew Jones <drjones@redhat.com>
Acked-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>
Due to the addition of HVMlite and the requirement to always provide a
valid xc_domain_configuration_t, xc_domain_create now always takes an arch
domain config, which can be NULL in order to mimic previous behaviour.
Add a small stub called xen_domain_create that encapsulates the correct
call to xc_domain_create depending on the libxc version detected.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
I broke this when adding checks for clang++.
Reported-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1447345789-840-1-git-send-email-jsnow@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit b553a04280 inadvertently disabled optimization
for all non-fortify builds. Fix this bug so we only do an
unoptimized build if we want debug.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1447082049-25099-1-git-send-email-peter.maydell@linaro.org
The '--enable-vnc-tls' option to configure was removed in
commit 3e305e4a47
Author: Daniel P. Berrange <berrange@redhat.com>
Date: Thu Aug 6 14:39:32 2015 +0100
ui: convert VNC server to use QCryptoTLSSession
This removes the corresponding help string.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
According to ./configure all options should have both --enable-foo and
--disable-foo:
# Always add --enable-foo and --disable-foo command line args.
# Distributions want to ensure that several features are compiled in, and it
# is impossible without a --enable-foo that exits if a feature is not found.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 1446473183-24250-1-git-send-email-stefanha@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Some versions of clang may have difficulty compiling glibc headers when
-D_FORTIFY_SOURCE is used. For example, Clang++ 3.5.0-9.fc22 cannot
compile glibc's stdio headers when -D_FORTIFY_SOURCE=2 is used. This
manifests currently as build failures with clang and any arm target.
According to LLVM dev Richard Smith, clang does not target or support
FORTIFY_SOURCE + glibc, and it should not be relied on.
"It's still an unsupported combination, and while it might compile, some
of the checks are unlikely to work because they require a frontend
inliner to be useful"
See: http://lists.llvm.org/pipermail/cfe-dev/2015-November/045846.html
Conclusion: disable fortify-source if we appear to be using clang instead
of testing for compile success or failure, which may be incidental or not
indicative of proper support of the feature.
Signed-off-by: John Snow <jsnow@redhat.com>
Message-Id: <1446583422-10153-1-git-send-email-jsnow@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
If the user is using ccache during the configuration step,
it may interfere with some of the configuration tests,
particularly the "Is ccache interfering with macro analysis" step,
which is a bit of a poetic problem.
1) Disallow ccache from reading from the cache during configure,
but don't disable it entirely to allow us to see if it causes other
problems.
2) Force off CCACHE_CPP2 during the ccache test to get a deterministic
answer over whether or not we need to enable that feature later.
Signed-off-by: John Snow <jsnow@redhat.com>
Message-Id: <1446055000-29150-1-git-send-email-jsnow@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
We now use epoxy to load opengl libraries. This means we don't need to
link opengl libraries directly if interfaces handled by epoxy. With
this, we just need epoxy headers and epoxy's *.so to build.
Tested with epoxy-1.3.1.
- sdl2/gtk/console egl stuff doesn't require other than epoxy
- milkymist-tmu2 glx stuff doesn't require other than epoxy
(lm32 test is limited, because can't find mmone-bios.bin, so just test
to load libGL with "./lm32-softmmu/qemu-system-lm32 -M milkymist,accel=qtest")
Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
[ lm32 tested by kraxel ]
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
When using ivshmem devices, notifications between guests can be sent as
interrupts using a ivshmem-server (typical use described in documentation).
The client is provided as a debug tool.
Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
Signed-off-by: David Marchand <david.marchand@6wind.com>
[fix a valgrind warning, option and server_close() segvs, extra server
headers includes, getopt() return type, out-of-tree build, use qemu
event_notifier instead of eventfd, fix x86/osx warnings - Marc-André]
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
The previous commit
commit 9a2fd4347c
Author: Daniel P. Berrange <berrange@redhat.com>
Date: Mon Apr 13 14:01:39 2015 +0100
crypto: add sanity checking of TLS x509 credentials
defined new variables $TEST_LIBS and $TEST_CFLAGS and
used them in tests/Makefile to augment $LIBS and $CFLAGS.
Unfortunately this overlooks the fact that tests/Makefile
is not executed via recursive-make, it is just pulled into
the top level Makefile via an include statement. So rather
than just augmenting the compiler/linker flags for tests
it polluted the global flags.
This is thought to be behind a reported failure when
building the pixman module as a sub-module, since global
$CFLAGS are passed down to configure in pixman.
This change removes the $TEST_LIBS and $TEST_CFLAGS
replacing them with $TASN1_LIBS and $TASN1_CFLAGS,
setting only against specific objects/executables
that need them.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Currently the choice of whether to use nettle or gcrypt is
made based on what gnutls is linked to. There are times
when it is desirable to be able to force build against a
specific library. For example, if testing changes to QEMU's
crypto code all 3 possible backends need to be checked
regardless of what the local gnutls uses.
It is also desirable to be able to enable nettle/gcrypt
for cipher/hash algorithms, without enabling gnutls
for TLS support.
This gives two new configure flags, which allow the
following possibilities
Automatically determine nettle vs gcrypt from what
gnutls links to (recommended to minimize number of
crypto libraries linked to)
./configure
Automatically determine nettle vs gcrypt based on
which is installed
./configure --disable-gnutls
Force use of nettle
./configure --enable-nettle
Force use of gcrypt
./configure --enable-gcrypt
Force use of built-in AES & crippled-DES
./configure --disable-nettle --disable-gcrypt
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
New features:
VT-d support for devices behind a bridge
vhost-user migration support
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJWKMrnAAoJECgfDbjSjVRpVL0H/iRc31o00QE4nWBRpxUpf8WJ
V5RWE8qKkDgBha5bS5Nt4vs8K4jkkHGXCbmygMidWph96hUPK8/yHy1A/wmpBibB
5hVSPDK8onavNGJwpaWDrkhd9OhKAaKOuu49T6+VWJGZY/uX5ayqmcN934y0NPUa
4EhH5tyxPpYOYeW9i/VOMQ374gCJcpzYBMug4NJZRyFpfz/b2mzAQtoqw3EsPtB0
vpVJ+fKiCyG39HFKQJW7cL12yBeXOoyhjfDxpumLqwLWMfmde+vJwTFx6wbechgV
aU3jIdvUX8wHCNYaB937NsMaDALoGNqUjbpKnf+xD1w7xr9pwTzdyrGH3rpGLEE=
=+G1+
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
vhost, pc, virtio features, fixes, cleanups
New features:
VT-d support for devices behind a bridge
vhost-user migration support
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Thu 22 Oct 2015 12:39:19 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
* remotes/mst/tags/for_upstream: (37 commits)
hw/isa/lpc_ich9: inject the SMI on the VCPU that is writing to APM_CNT
i386: keep cpu_model field in MachineState uptodate
vhost: set the correct queue index in case of migration with multiqueue
piix: fix resource leak reported by Coverity
seccomp: add memfd_create to whitelist
vhost-user-test: check ownership during migration
vhost-user-test: add live-migration test
vhost-user-test: learn to tweak various qemu arguments
vhost-user-test: wrap server in TestServer struct
vhost-user-test: remove useless static check
vhost-user-test: move wait_for_fds() out
vhost: add migration block if memfd failed
vhost-user: use an enum helper for features mask
vhost user: add rarp sending after live migration for legacy guest
vhost user: add support of live migration
net: add trace_vhost_user_event
vhost-user: document migration log
vhost: use a function for each call
vhost-user: add a migration blocker
vhost-user: send log shm fd along with log_base
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Check if memfd_create() is part of system libc.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Thibaut Collet <thibaut.collet@6wind.com>
Currently POSIX builds rely on 'qemu-ga' target to do qga-only
distributable build. On w32, as with most standalone binary targets,
we rely on 'qemu-ga.exe' target.
Unlike with POSIX, qemu-ga for w32 has a number of related targets
such as VSS DLL and MSI package. We can do the full distributable
qga-only build on w32 with:
make qemu-ga.exe
or:
make msi
To make that work, we tie VSS dependencies onto qemu-ga.exe.
However, in reality the DLL isn't part of the binary, so we use a
filter to pull them out of the LINK recipe, which attempts to link
against prereqs for binary targets. Additionally, it could be argued
that VSS is a separate distributable, and shouldn't be implied by
qemu-ga.exe binary target.
To avoid this, we can tie the VSS dependencies only to the 'msi'
target, but that would make it impossible to do a qga-only build of
the w32 distributable without building the 'msi' package, which was
supported in the past.
An alternative approach is to add a new target to build the whole
distributable. w32 allows us to use the same build target we use
on POSIX, 'qemu-ga', since the current binary-only target on w32
is 'qemu-ga.exe'.
To further simplify the build, we also make 'qemu-ga' build the MSI
package if the appropriate ./configure options are set, making the
full qga-only build the same on both POSIX and w32: `make qemu-ga`
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
RHEL-6 and SLES-11 provide Python 2.6. It'll also work on OS X back
to 10.6.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1441396383-17304-1-git-send-email-armbru@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This allows virtio-gpu to render in 3d mode.
Uses native opengl support which is present
in gtk versions 3.16 and newer.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add virglrenderer library detection. Add 3d mode to virtio-gpu,
wire up virglrenderer library. When in 3d mode render using the
new context management and texture scanout callbacks.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Let's expose some virtual/fake registers as virtualization specific
registers.
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Message-Id: <1443689387-34473-3-git-send-email-jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
The oslib-win32 file currently provides a localtime_r and
gmtime_r replacement unconditionally. Some versions of
Mingw-w64 would provide crude macros for localtime_r/gmtime_r
which QEMU takes care to disable. Latest versions of Mingw-w64
now provide actual functions for localtime_r/gmtime_r, but
with a twist that you have to include unistd.h or pthread.h
before including time.h. By luck some files in QEMU have
such an include order, resulting in compile errors:
CC util/osdep.o
In file included from include/qemu-common.h:48:0,
from util/osdep.c:48:
include/sysemu/os-win32.h:77:12: error: redundant redeclaration of 'gmtime_r' [-Werror=redundant-decls]
struct tm *gmtime_r(const time_t *timep, struct tm *result);
^
In file included from include/qemu-common.h:35:0,
from util/osdep.c:48:
/usr/i686-w64-mingw32/sys-root/mingw/include/time.h:272:107: note: previous definition of 'gmtime_r' was here
In file included from include/qemu-common.h:48:0,
from util/osdep.c:48:
include/sysemu/os-win32.h:79:12: error: redundant redeclaration of 'localtime_r' [-Werror=redundant-decls]
struct tm *localtime_r(const time_t *timep, struct tm *result);
^
In file included from include/qemu-common.h:35:0,
from util/osdep.c:48:
/usr/i686-w64-mingw32/sys-root/mingw/include/time.h:269:107: note: previous definition of 'localtime_r' was here
This change adds a configure test to see if localtime_r
exits, and only enables the QEMU impl if missing. We also
re-arrange qemu-common.h try attempt to guarantee that all
source files get unistd.h before time.h and thus see the
localtime_r/gmtime_r defs.
[sw: Use "official" spellings for Mingw-w64, MinGW in comments.]
[sw: Terminate sentences with a dot in comments.]
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
libcacard is now a standalone project hosted with the Spice project (see
the 2.5.0 release announcement), remove it from qemu tree.
Use the library if found during configure or if --enable-smartcard.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Tested-by: Paolo Bonzini <pbonzini@redhat.com>
Add related configuration and make files for tilegx.
The target can now build, though not run anything.
Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <BLU436-SMTP1588E5A03AD5E94B07E988B9660@phx.gbl>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Switch VNC server over to using the QCryptoTLSSession object
for the TLS session. This removes the direct use of gnutls
from the VNC server code. It also removes most knowledge
about TLS certificate handling from the VNC server code.
This has the nice effect that all the CONFIG_VNC_TLS
conditionals go away and the user gets an actual error
message when requesting TLS instead of it being silently
ignored.
With this change, the existing configuration options for
enabling TLS with -vnc are deprecated.
Old syntax for anon-DH credentials:
-vnc hostname:0,tls
New syntax:
-object tls-creds-anon,id=tls0,endpoint=server \
-vnc hostname:0,tls-creds=tls0
Old syntax for x509 credentials, no client certs:
-vnc hostname:0,tls,x509=/path/to/certs
New syntax:
-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=no \
-vnc hostname:0,tls-creds=tls0
Old syntax for x509 credentials, requiring client certs:
-vnc hostname:0,tls,x509verify=/path/to/certs
New syntax:
-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=yes \
-vnc hostname:0,tls-creds=tls0
This aligns VNC with the way TLS credentials are to be
configured in the future for chardev, nbd and migration
backends. It also has the benefit that the same TLS
credentials can be shared across multiple VNC server
instances, if desired.
If someone uses the deprecated syntax, it will internally
result in the creation of a 'tls-creds' object with an ID
based on the VNC server ID. This allows backwards compat
with the CLI syntax, while still deleting all the original
TLS code from the VNC server.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
If the administrator incorrectly sets up their x509 certificates,
the errors seen at runtime during connection attempts are very
obscure and difficult to diagnose. This has been a particular
problem for people using openssl to generate their certificates
instead of the gnutls certtool, because the openssl tools don't
turn on the various x509 extensions that gnutls expects to be
present by default.
This change thus adds support in the TLS credentials object to
sanity check the certificates when QEMU first loads them. This
gives the administrator immediate feedback for the majority of
common configuration mistakes, reducing the pain involved in
setting up TLS. The code is derived from equivalent code that
has been part of libvirt's TLS support and has been seen to be
valuable in assisting admins.
It is possible to disable the sanity checking, however, via
the new 'sanity-check' property on the tls-creds object type,
with a value of 'no'.
Unit tests are included in this change to verify the correctness
of the sanity checking code in all the key scenarios it is
intended to cope with. As part of the test suite, the pkix_asn1_tab.c
from gnutls is imported. This file is intentionally copied from the
(long since obsolete) gnutls 1.6.3 source tree, since that version
was still under GPLv2+, rather than the GPLv3+ of gnutls >= 2.0.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
* qemu_mutex_lock_iothread "No such process" fix
* cutils: qemu_strto* wrappers
* iohandler.c simplification
* Many other fixes and misc patches.
And some MTTCG work (with Emilio's fixes squashed):
* Signal-free TCG kick
* Removing spinlock in favor of QemuMutex
* User-mode emulation multi-threading fixes/docs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAABCAAGBQJV8Tk7AAoJEL/70l94x66Ds3QH/3bi0RRR2NtKIXAQrGo5tfuD
NPMu1K5Hy+/26AC6mEVNRh4kh7dPH5E4NnDGbxet1+osvmpjxAjc2JrxEybhHD0j
fkpzqynuBN6cA2Gu5GUNoKzxxTmi2RrEYigWDZqCftRXBeO2Hsr1etxJh9UoZw5H
dgpU3j/n0Q8s08jUJ1o789knZI/ckwL4oXK4u2KhSC7ZTCWhJT7Qr7c0JmiKReaF
JEYAsKkQhICVKRVmC8NxML8U58O8maBjQ62UN6nQpVaQd0Yo/6cstFTZsRrHMHL3
7A2Tyg862cMvp+1DOX3Bk02yXA+nxnzLF8kUe0rYo6llqDBDStzqyn1j9R0qeqA=
=nB06
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
* Support for jemalloc
* qemu_mutex_lock_iothread "No such process" fix
* cutils: qemu_strto* wrappers
* iohandler.c simplification
* Many other fixes and misc patches.
And some MTTCG work (with Emilio's fixes squashed):
* Signal-free TCG kick
* Removing spinlock in favor of QemuMutex
* User-mode emulation multi-threading fixes/docs
# gpg: Signature made Thu 10 Sep 2015 09:03:07 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
* remotes/bonzini/tags/for-upstream: (44 commits)
cutils: work around platform differences in strto{l,ul,ll,ull}
cpu-exec: fix lock hierarchy for user-mode emulation
exec: make mmap_lock/mmap_unlock globally available
tcg: comment on which functions have to be called with mmap_lock held
tcg: add memory barriers in page_find_alloc accesses
remove unused spinlock.
replace spinlock by QemuMutex.
cpus: remove tcg_halt_cond and tcg_cpu_thread globals
cpus: protect work list with work_mutex
scripts/dump-guest-memory.py: fix after RAMBlock change
configure: Add support for jemalloc
add macro file for coccinelle
configure: factor out adding disas configure
vhost-scsi: fix wrong vhost-scsi firmware path
checkpatch: remove tests that are not relevant outside the kernel
checkpatch: adapt some tests to QEMU
CODING_STYLE: update mixed declaration rules
qmp: Add example usage of strto*l() qemu wrapper
cutils: Add qemu_strtoull() wrapper
cutils: Add qemu_strtoll() wrapper
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
In Xen 4.6 commit cd2f100f0f61b3f333d52d1737dd73f02daee592
"libxc: Fix do_memory_op to return negative value on errors"
made the libxc API less odd-ball: On errors, return value is
-1 and error code is in errno. On success the return value
is either 0 or an positive value.
Since we could be running with an old toolstack in which the
Exx value is in rc or the newer, we add an wrapper around
the xc_domain_add_to_physmap (called xen_xc_domain_add_to_physmap)
which will always return the EXX.
Xen 4.6 did not change the libxc functions mentioned (same parameters)
so we piggyback on the fact that Xen 4.6 has a new function:
commit 504ed2053362381ac01b98db9313454488b7db40 "tools/libxc: Expose
new hypercall xc_reserved_device_memory_map" and check for that.
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Suggested-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
The number of slots per page being 511 (i.e. not a power of two) means
that the (32-bit) read and write indexes going beyond 2^32 will likely
disturb operation. The hypervisor side gets I/O req server creation
extended so we can indicate that we're using suitable atomic accesses
where needed, allowing it to atomically canonicalize both pointers when
both have gone through at least one cycle.
The Xen side counterpart (which is not a functional prereq to this
change, albeit a build one) went in already (commit b7007bc6f9).
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
This adds "--enable-jemalloc" and "--disable-jemalloc" to allow linking
to jemalloc memory allocator.
We have already tcmalloc support,
but it seem to not working well with a lot of iothreads/disks.
The main problem is that tcmalloc use a shared thread cache of 16MB
by default.
With more threads, this cache is shared, and some bad garbage collections
can occur if the cache is too low.
It's possible to tcmalloc cache increase it with a env var:
TCMALLOC_MAX_TOTAL_THREAD_CACHE_BYTES=256MB
With default 16MB, performances are really bad with more than 2 disks.
Increasing to 256MB, it's helping but still have problem with 16 disks/iothreads.
Jemalloc don't have performance problem with default configuration.
Here the benchmark results in iops of 1 qemu vm randread 4K iodepth=32,
with rbd block backend (librbd is doing a lot of memory allocation),
1 iothread by disk
glibc malloc
------------
1 disk 29052
2 disks 55878
4 disks 127899
8 disks 240566
15 disks 269976
jemalloc
--------
1 disk 41278
2 disks 75781
4 disks 195351
8 disks 294241
15 disks 298199
tcmalloc 2.2.1 default 16M cache
--------------------------------
1 disk 37911
2 disks 67698
4 disks 41076
8 disks 43312
15 disks 37569
tcmalloc : 256M cache
---------------------------
1 disk 33914
2 disks 58839
4 disks 148205
8 disks 213298
15 disks 218383
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
Message-Id: <1434711418-20429-1-git-send-email-aderumier@odiso.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Every arch adds its disas configury to both its own config as well
config_disas_all. Make a small function do to both at once.
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-Id: <1440844439-19391-1-git-send-email-crosthwaite.peter@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Let's support reading and writing of control registers for kvm and tcg.
We have to take care of flushing the tlb (tcg) and pushing the changed
registers into kvm.
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Currently VSS dll/tlb files for use in w32 builds are only built as a
result of having been added to the general 'tools' target alongside
qemu-ga. This is fine for default make target, but if we build
qemu-ga directly via `make qemu-ga.exe`, the VSS files are not
created.
Fix this by moving the VSS dependencies to qemu-ga.exe directly.
With this move we can move the VSS files back out of 'tools',
and drop the extra handling from MSI target in Makefile.
Now we can build qemu-ga MSI package with:
./configure ...
make qemu-ga.exe
make msi
or simply:
./configure ...
make msi
and no longer need to do a full build beforehand.
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Currently, if we don't explicitly disable support for MSI installer
via --disable-guest-agent-msi, the configure variable that tracks
the flag, 'guest_agent_msi', never gets set unless one of the probes
fails. Subsequent code then treats this unset value the same as if it
were a "yes" value (via != "no" style checks).
Instead, set the default "yes" value explicitly after the probes, then
make subsequent code expect the values to be set.
This makes it easier to report on whether or not MSI support was
enabled via probe by looking at the ./configure summary.
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
MSI probe assumes that qemu-ga support has been probed already, but in
cases where --enable-guest-agent/--disable-guest-agent have not been
passed to configure, qemu-ga support may end up getting enabled later,
as is the case with w32 builds. This leads to MSI probe prematurely
reporting error due to lack of qemu-ga support.
Fix this by moving MSI installer probe after the final qga probes.
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Use NetUserSetInfo() to set the user password.
This function is notoriously known to be problematic for users with EFS
encrypted files. But the alternative, NetUserChangePassword() requires
the old password. Nevertheless, The EFS file should be recovered by
changing back to the old password.
Signed-off-by: Marc-André Lureau <marcandre.lureau@gmail.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Currently we need to examine config-host.mak to determine whether
options/probes for MSI package generation had desired result. Report
this more prominently in ./configure summary as we do with other
guest agent configure options.
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
All tcg host architectures now support the guest base and as
there is no real performance lost, it can be always enabled.
Anyway, guest base use can be disabled lively by setting guest
base to 0.
CONFIG_USE_GUEST_BASE is defined as (USE_GUEST_BASE && USER_ONLY),
it should have to be replaced by CONFIG_USER_ONLY in non CONFIG_USER_ONLY
parts, but as some other parts are using !CONFIG_SOFTMMU I have chosen to
use !CONFIG_SOFTMMU instead.
Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <1440373328-9788-2-git-send-email-laurent@vivier.eu>
Signed-off-by: Richard Henderson <rth@twiddle.net>
The cocoa GUI frontend assumes it is the only GUI (it redefines
main() so it always gets control before the rest of QEMU), so
it does not play well with other UIs like SDL or GTK. (Mostly
people building QEMU on OSX don't have the necessary dependencies
available for configure to build those other front ends, so
mostly this problem goes unnoticed.)
Make configure automatically disable the SDL and GTK front ends
if the cocoa front end is enabled. (We were sort of attempting
to do this for SDL before, but not in a way that worked very well.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: John Arbuckle <programmingkidx@gmail.com>
Message-id: 1439565052-3457-1-git-send-email-peter.maydell@linaro.org
* vhost-scsi fix from Igor and Lu Lina
* a build system fix from Daniel
* two more multi-arch-related patches from Peter C.
* TCG patches from myself and Sergey Fedorov
* RCU improvement from Wen Congyang
* a few more simple cleanups
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAABCAAGBQJVzmCgAAoJEL/70l94x66DhFgH/1m3iGac2Ks3vAUAdS2HBcxC
EeziMwWFmkrfbtzUkz/jE0NG5uA2Bs8OFHsC8vmQFwkpDbGUlJ1zd5/N5UOHMG3d
zF0vd+nKNw9C1Fo0/LPyQSeP64/xXEMTmFLqmYf4ZOowz8lr/m6WYrMIzKUoXSEn
FeRtq78moDT8qwF372j8aoQUUpsctXDHBQHORZdcERvlc4mxojeJ3+mNViR2bv3r
92PwGvrJ26mQXEKmGo5O1VM4k7QVg7xJQfgE11x7ShE2E9fJDMgts0Q/xCjWCLwS
BXtEtbd9QeFEfG/mlRFevGtuvksq98m0hN7lAWb13zWmlJFuLyyMmlGfGAlU55Q=
=Y2DB
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
* SCSI fixes from Stefan and Fam
* vhost-scsi fix from Igor and Lu Lina
* a build system fix from Daniel
* two more multi-arch-related patches from Peter C.
* TCG patches from myself and Sergey Fedorov
* RCU improvement from Wen Congyang
* a few more simple cleanups
# gpg: Signature made Fri 14 Aug 2015 22:41:52 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream:
disas: Defeature print_target_address
hw: fix mask for ColdFire UART command register
scsi-generic: identify AIO callbacks more clearly
scsi-disk: identify AIO callbacks more clearly
scsi: create restart bottom half in the right AioContext
configure: only add CONFIG_RDMA to config-host.h once
qemu-nbd: remove unnecessary qemu_notify_event()
vhost-scsi: Clarify vhost_virtqueue_mask argument
exec: use macro ROUND_UP for alignment
rcu: Allow calling rcu_(un)register_thread() during synchronize_rcu()
exec: drop cpu_can_do_io, just read cpu->can_do_io
cpu_defs: Simplify CPUTLB padding logic
cpu-exec: Do not invalidate original TB in cpu_exec_nocache()
vhost/scsi: call vhost_dev_cleanup() at unrealize() time
virtio-scsi-test: Add test case for tail unaligned WRITE SAME
scsi-disk: Fix assertion failure on WRITE SAME
tests: virtio-scsi: clear unit attention after reset
scsi-disk: fix cmd.mode field typo
virtio-scsi: use virtqueue_map_sg() when loading requests
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
For unknown reasons (probably a git rebase merge mistake)
commit 2da776db48
Author: Michael R. Hines <mrhines@us.ibm.com>
Date: Mon Jul 22 10:01:54 2013 -0400
rdma: core logic
Adds CONFIG_RDMA to config-host.h twice, as can be seen
in the generated file:
$ grep CONFIG_RDMA config-host.h
#define CONFIG_RDMA 1
#define CONFIG_RDMA 1
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1438345403-32467-1-git-send-email-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Commit 8e9b0d2 (ui: convert VNC websockets to use crypto APIs) dropped
the --enable-vnc-ws option but forgot to update the help text. Fix this.
Cc: Daniel P. Berrange <berrange@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1437749257-3313-1-git-send-email-afaerber@suse.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Unfortunately Ubuntu's pkg-config information for gnutls is broken
for the static linking case, and outputs --libs options which the
compiler does not recognize. Work around this problem by testing
that the --cflags/--libs output will at least allow compilation
before enabling gnutls support.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1437758888-22486-1-git-send-email-peter.maydell@linaro.org
In nettle 3, cbc_encrypt() accepts 'nettle_cipher_func' instead of
'nettle_crypt_func' and these two differ in 'const' qualifier of the
first argument. The build fails with:
In file included from crypto/cipher.c:71:0:
./crypto/cipher-nettle.c: In function ‘qcrypto_cipher_encrypt’:
./crypto/cipher-nettle.c:154:38: error: passing argument 2 of
‘nettle_cbc_encrypt’ from incompatible pointer type
cbc_encrypt(ctx->ctx_encrypt, ctx->alg_encrypt,
^
In file included from ./crypto/cipher-nettle.c:24:0,
from crypto/cipher.c:71:
/usr/include/nettle/cbc.h:48:1: note: expected
‘void (*)(const void *, size_t, uint8_t *, const uint8_t *)
but argument is of type
‘void (*)( void *, size_t, uint8_t *, const uint8_t *)
To allow both versions, we switch to the new definition and #if typedef
it for old versions.
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Message-Id: <1436548682-9315-2-git-send-email-rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAABCAAGBQJVnQWdAAoJEL/70l94x66D6OgIAKJlzQfmy5w7Q9WD4vCMhD76
JrpLSsn7Gx/Bws0Nu9nLQlqun5z4hiUxyG2kP/WqD9+tV3cpSMSyrG6ImVdqKnQ5
+Z8WJZuREkQv0aqDUjQVST+eIDZuh2LWJXAjhgsCXUHY77eWb/7WmKT79xJOa+5C
5xB1qxudqX5IsTvpiKKPbmUGYkAcvRX1dUSaFwRIMO0UyKn59B9WfM9a5slIbLW7
XfI8+wEJshTVLuQkkTfdidWQc5M5DwlmO7ESUNR/BRPCPFeyjcDqgQY5pBM5XVo9
C+S0R3zIt3Ew0fhCtLRyjlIT0bGfwjbU5HRiHcyldBKhNUZZjSUoOWJnYRHXUDY=
=H8wA
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
Bugfixes and Daniel Berrange's crypto library.
# gpg: Signature made Wed Jul 8 12:12:29 2015 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream:
ossaudio: fix memory leak
ui: convert VNC to use generic cipher API
block: convert qcow/qcow2 to use generic cipher API
ui: convert VNC websockets to use crypto APIs
block: convert quorum blockdrv to use crypto APIs
crypto: add a nettle cipher implementation
crypto: add a gcrypt cipher implementation
crypto: introduce generic cipher API & built-in implementation
crypto: move built-in D3DES implementation into crypto/
crypto: move built-in AES implementation into crypto/
crypto: introduce new module for computing hash digests
vl: move rom_load_all after machine init done
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Remove the direct use of gnutls for hash processing in the
websockets code, in favour of using the crypto APIs. This
allows the websockets code to be built unconditionally
removing countless conditional checks from the VNC code.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1435770638-25715-9-git-send-email-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Get rid of direct use of gnutls APIs in quorum blockdrv in
favour of using the crypto APIs. This avoids the need to
do conditional compilation of the quorum driver. It can
simply report an error at file open file instead if the
required hash algorithm isn't supported by QEMU.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1435770638-25715-8-git-send-email-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
If we are linking to gnutls already and gnutls is built against
nettle, then we should use nettle as a cipher backend in
preference to our built-in backend.
This will be used when linking against some GNUTLS 2.x versions
and all GNUTLS 3.x versions.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1435770638-25715-7-git-send-email-berrange@redhat.com>
[Change "#elif" to "#elif defined". - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
If we are linking to gnutls already and gnutls is built against
gcrypt, then we should use gcrypt as a cipher backend in
preference to our built-in backend.
This will be used when linking against GNUTLS 1.x and many
GNUTLS 2.x versions.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1435770638-25715-6-git-send-email-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
PCIAddress inforfation is obtained via SetupApi, which provides the
information about address, bus, etc. We look throught entire device tree
in the system and try to find device object for given volume. For this PDO
SetupDiGetDeviceRegistryProperty is called, which reads PCI configuration
for a given devicei if it is possible.
This is the most convinient way for a userspace service. The lookup is
performed for every volume available. However, this information is
not mandatory for vss-provider.
In order to use SetupApi we need to notify linker about it. We do not need
to install additional libs, so we do not make separate configuration
option to use libsetupapi.su
SetupApi gives as the same information as kernel driver
with IRP_MN_QUERY_INTERFACE.
https://support.microsoft.com/en-us/kb/253232
Signed-off-by: Olga Krishtal <okrishtal@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Eric Blake <eblake@redhat.com>
CC: Michael Roth <mdroth@linux.vnet.ibm.com>
* stub out get_pci_info if !CONFIG_QGA_NTDDSCSI
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
This header file provides w32 ioctl definitions for working with disk
devices. Older versions of mingw do not expose this in a useable way,
so add a configure check and report it via CONFIG_QGA_NTDDSCSI.
Subsequent patches will use this macro to stub out functionality that
relies on this in cases where it's not available.
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Add the iphlpapi library to use APIs such as GetAdaptersInfo and
GetAdaptersAddresses.
Signed-off-by: Kirk Allan <kallan@suse.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Introduce a new crypto/ directory that will (eventually) contain
all the cryptographic related code. This initially defines a
wrapper for initializing gnutls and for computing hashes with
gnutls. The former ensures that gnutls is guaranteed to be
initialized exactly once in QEMU regardless of CLI args. The
block quorum code currently fails to initialize gnutls so it
only works by luck, if VNC server TLS is not requested. The
hash APIs avoids the need to litter the rest of the code with
preprocessor checks and simplifies callers by allocating the
correct amount of memory for the requested hash.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1435770638-25715-2-git-send-email-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Almost exclusively bugfixes, though in this case,
we are adding functionality to the pxb in order
to make OVMF work on it.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJVjVb/AAoJECgfDbjSjVRpeaEH/2bwK7BGgczEQ7fhzIEaQSQq
SV7aychNZvUFASXLV6aVmQCdYixZxlI9KDn0pMRYntUcjxRRB48U3N5Sy4km46Pw
LLN3vxGzHazlE7AJ5c+WVDf0e2k7v3CpZ/TKXzPHmvZXIuBfjKXtKzBgyQYxGkmL
JgRrRSHDrsbvfmhI4uHMpCTYs/WeY1cuA1IzvimBjmvVP5kkko4NoX+HEWmGJ6WK
13fQuV+Cvz7Yk40HRpPAM0QPV2etGCj+dU7xgF9BWnn9mzbGC5iy8EUClyGil/af
k3i/bCxs6IgpQ76LaezJtGPtn1jbohrO4qRqlatUAJCwgCYMCkxkIk+Pr4A3x4c=
=6WvB
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
virtio, pci fixes, enhancements
Almost exclusively bugfixes, though in this case,
we are adding functionality to the pxb in order
to make OVMF work on it.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Fri Jun 26 14:43:27 2015 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
* remotes/mst/tags/for_upstream:
Fix glib_subprocess test
hw/pci-bridge: format special OFW unit address for PXB host
hw/core: explicit OFW unit address callback for SysBusDeviceClass
hw/pci-bridge: disable SHPC in PXB
hw/pci-bridge: introduce "shpc" property
hw/pci: introduce shpc_present() helper function
hw/pci-bridge: add macro for "msi" property
hw/pci-bridge: add macro for "chassis_nr" property
hw/pci-bridge: expose _test parameter in SHPC_VMSTATE()
migration: introduce VMSTATE_BUFFER_UNSAFE_INFO_TEST()
add pci-bridge-seat
pc: cleanup and convert TMP ACPI device description to AML API
MAINTAINERS: add ACPI entry
vhost: correctly pass error to caller in vhost_dev_enable_notifiers()
balloon: add a feature bit to let Guest OS deflate balloon on oom
qdev: fix OVERFLOW_BEFORE_WIDEN
virito-pci: fix OVERRUN problem
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
A typo means that the tests dependent on glib with subprocess
support are never run.
Fixes: 9d41401b90
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This is an attempt to rearrange configure --help output a bit
and consolidate pairs of --enable/disable into its own section.
After this, help text is easier to sort, manage and read.
More descriptive text can be added as well, since we now have
more space.
While at it, mention en/dis-able-vte.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
The help text says --extra-ldflags is appended to LDFLAGS so make it so.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
New options were added to enable Windows MSI installation package
creation:
Option --enable-guest-agent-msi, like the name suggests, enables building
Windows MSI package for QEMU guest agent; option --disable-guest-agent-msi
disables MSI package creation; by default, no MSI package is created
Signed-off-by: Yossi Hindin <yhindin@redhat.com>
Message-Id: <1430913460-13174-5-git-send-email-yhindin@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
DirectSound should be a superior choice on Windows.
Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
ESD is no longer developed and replaced by PulseAudio.
Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Some recent patches require a function from libfdt version 1.4.0,
so we should check for this version during the configure step
already. Unfortunately, there does not seem to be a proper #define
for the version number in the libfdt headers. So alternatively,
we check for the availability of the required function
fdt_get_property_by_offset() instead instead.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
It makes sense that extra-cflags should be appended after the normal
CFLAGS so they don't get overridden by default behaviour. This way if
you specify something like:
./configure --extra-cflags="-O0"
You will see the requested behaviour.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
libepoxy does the opengl extension handling for us.
It also is helpful for trouble-shooting as it prints nice error messages
instead of silently failing or segfaulting in case we do something
wrong, like using gl commands not supported by the current context.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
gdb allows registers to be displayed/modified, and is being updated
to account for the new vector registers. Mirror these changes in
the gdb stub in qemu so that this can be performed when gdb is
attached to the qemu gdbserver.
Signed-off-by: Eric Farman <farman@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
This provides g_ptr_array_new_with_free_func, as well as a few
other functions that we've been hacking around in glib-compat.h.
Cleaning up the compatibility headers will come later.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1431469140-22208-2-git-send-email-jsnow@redhat.com
Test if ccache is interfering with semantic analysis of macros,
disable its habit of trying to compile already pre-processed
versions of code if so. ccache attempts to save time by compiling
pre-processed versions of code, but this disturbs clang's static
analysis enough to produce false positives.
ccache allows us to disable this feature, opting instead to
compile the original version instead of its preprocessed version.
This makes ccache much slower for cache misses, but at least it
becomes usable with QEMU/clang.
This workaround only activates for users using ccache AND clang,
and only if their configuration is observed to be producing warnings.
You may need to clear your ccache for builds started without -Werror,
as those may continue to produce warnings from the cache.
Thanks to Peter Eisentraut for his writeup on the issue:
http://peter.eisentraut.org/blog/2014/12/01/ccache-and-clang-part-3/
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427324259-1481-5-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The glib headers use GCC attributes. Unfortunately the __GNUC__ and
__GNUC_MINOR__ version macros are also defined by clang, but clang
doesn't support the same attributes as GCC.
clang 3.5.0 does not support the __alloc_size__ attribute:
c047507a9a
The following warning is produced:
gstrfuncs.h:257:44: warning: unknown attribute '__alloc_size__' ignored [-Wunknown-attributes]
G_GNUC_MALLOC G_GNUC_ALLOC_SIZE(2);
gmacros.h:67:45: note: expanded from macro 'G_GNUC_ALLOC_SIZE'
#define G_GNUC_ALLOC_SIZE(x) __attribute__((__alloc_size__(x)))
This patch checks whether glib headers cause warnings and disables
-Wunknown-attributes if it is able to.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427324259-1481-4-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Factor out the function that checks if a compiler
flag is supported or not.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427324259-1481-3-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
gcc 4.9.2 treats -nopie as an error:
cc: error: unrecognized command line option ‘-nopie’
clang 3.5.0 treats -nopie as a warning:
clang: warning: argument unused during compilation: '-nopie'
The causes ./configure to fail with clang:
ERROR: configure test passed without -Werror but failed with -Werror.
Make the -nopie test use -Werror so that compile_prog works for both gcc
and clang.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427324259-1481-2-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
- two improvements to "info mtere" from Gerd
- KVM support for memory transaction attributes
- one more small step towards unlocked MMIO dispatch
- one piece of the qemu-nbd errno fixes
- trivial-ish patches from Denis and Thomas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAABCAAGBQJVTLBhAAoJEL/70l94x66DkGIH/jlNJBMBGhlH/lwb1LzxtAMX
OxyDxsiwJpSxsOiZiY3oRz7d6VV6TCrmx5L+1HgG5IzU3WC61Tq6/FK4EXLepZIH
GSYlLtAALWny+2Uwsyh1Z7MMr5yxyhgeORk/l7O8pncmMeysludbEaJqQg8Aa9A2
j0B2pv4tvcl/qhuIFXL1YlbYMVXMsZy5W65D8jq+B6qf3q8kUcdKvgvbUMrxAiSH
JMISo4Z32t9w8SGnhlBa9s4HfN2yOvULRAozzkDBAu4c41cZrw16lvTV8XotamnU
LrG6eQ+2PFeIrcGhuIu7z5Bi4yiRRiThfRLCAvVApVTQYUf7IwvPNa5K1FrP9YU=
=Z/UD
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
- build bugfix from Fam and new configure check from Emilio
- two improvements to "info mtere" from Gerd
- KVM support for memory transaction attributes
- one more small step towards unlocked MMIO dispatch
- one piece of the qemu-nbd errno fixes
- trivial-ish patches from Denis and Thomas
# gpg: Signature made Fri May 8 13:47:29 2015 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream:
qemu-nbd: only send a limited number of errno codes on the wire
rules.mak: Force CFLAGS for all objects in DSO
configure: require __thread support
exec: move rcu_read_lock/unlock to address_space_translate callers
kvm: add support for memory transaction attributes
mtree: also print disabled regions
mtree: tag & indent a bit better
apic_common: improve readability of apic_reset_common
kvm: Silence warning from valgrind
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The codebase doesn't build without __thread support.
Formalise this requirement by adding a check for it in the
configure script.
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
tricore was out of alphabetical order in the target list. Fix.
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Acked-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
This adds "--enable-tcmalloc" and "--disable-tcmalloc" to allow linking
to libtcmalloc from gperftools.
tcmalloc is a malloc implementation that works well with threads and is
fast, so it is good for performance.
It is disabled by default, because the MALLOC_PERTURB_ flag we use in
tests doesn't work with tcmalloc. However we can enable tcmalloc
specific heap checker and profilers later.
An IOPS gain can be observed with virtio-blk-dataplane, other parts of
QEMU will directly benefit from it as well:
==========================================================
glibc malloc
----------------------------------------------------------
rw bs iodepth bw iops latency
read 4k 1 150 38511 24
----------------------------------------------------------
==========================================================
tcmalloc
----------------------------------------------------------
rw bs iodepth bw iops latency
read 4k 1 156 39969 23
----------------------------------------------------------
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-Id: <1427338992-27057-1-git-send-email-famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Unfortunately it turns out that libseccomp 2.2 still does not work
correctly on non-x86 architectures; return to the previous configure
setup of insisting on libseccomp 2.1 or better and i386/x86_64 and
disabling seccomp support in all other situations.
This reverts the two commits:
* "seccomp: libseccomp version varying according to arch"
(commit 896848f0d3)
* "seccomp: update libseccomp version and remove arch restriction"
(commit 8e27fc2004)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1428670681-23032-1-git-send-email-peter.maydell@linaro.org
libxseg has changed license to GPLv3. QEMU includes GPL "v2 only" code
which is not compatible with GPLv3. This means the resulting binaries
may not be redistributable!
Disable Archipelago (libxseg) by default to prevent accidental license
violations. Also warn if linking against libxseg is enabled to remind
the user.
Note that this commit does not constitute any advice about software
licensing. If you have doubts you should consult a lawyer.
Cc: Chrysostomos Nanakos <cnanakos@grnet.gr>
Suggested-by: Kevin Wolf <kwolf@redhat.com>
Reported-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Message-id: 1428587538-8765-1-git-send-email-stefanha@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Libseccomp dependency was mandating version 2.2.0 on all architectures
and this was causing configure and virt-test to break on non-updates
distros. This patch works-around it and give a more flexible way to
check the version, giving more time for other distros to update
libseccomp version.
Signed-off-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>
Reported-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Tested-by: Juan Quintela <quintela@redhat.com>
Message-id: 1427385385-30571-1-git-send-email-eduardo.otubo@profitbricks.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Libseccomp version updated to 2.2.0 and arch restriction to x86/x86_64
is now removed. It's supposed to work on armv7l as well.
Related bug: https://bugs.launchpad.net/qemu/+bug/1363641
Signed-off-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>
Here's a trivial change to enable kvm on x32 architecture.
I'm not 100% sure the result works correctly in all cases,
but this is a good start and in theory everything should
work.
Signed-off-by: Adam Borowski <kilobyte@angband.pl>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Re-add the glx compile test to configure. We can't use pkg-config to
probe for glx, and as long as milkymist-tmu2 privately uses glx (due to
opengl infrastructure in qemu not being ready yet) we must continue to
test for glx to avoid build failures.
Reported-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Rename config option from "glx" to "opengl", glx will not be the only
option for opengl in near future. Also switch over to pkg-config for
opengl support detection.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
This patch adds support for bzip2-compressed block entries as introduced
with OS X 10.4 (source: https://en.wikipedia.org/wiki/Apple_Disk_Image).
It was tested against a 5.2G "OS X Yosemite" installation image which
stores the BLXX block in the XML property list (instead of resource
forks) and has over 5k chunks.
New configure entries are added (--enable-bzip2 / --disable-bzip2) to
control inclusion of bzip2 functionality (which requires linking against
libbz2). The help message suggests that this option is needed for DMG
files, but the tests are generic enough that other parts of QEMU can use
bzip2 if needed.
The identifiers are based on http://newosxbook.com/DMG.html.
The decompression routines are based on the zlib case, but as there is
no way to reset the decompression state (unlike zlib), memory is
allocated and deallocated for every decompression. This should not be
problematic as the decompression takes most of the time and as blocks
are typically about/over 1 MiB in size, only one allocation is done
every 2000 sectors.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: John Snow <jsnow@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1420566495-13284-12-git-send-email-peter@lekensteyn.nl
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This efficiently writes zeroes on Linux if the kernel is capable enough.
FALLOC_FL_ZERO_RANGE correctly handles all cases, including and not
including file expansion.
CC: Kevin Wolf <kwolf@redhat.com>
CC: Stefan Hajnoczi <stefanha@redhat.com>
CC: Peter Lieven <pl@kamp.de>
CC: Fam Zheng <famz@redhat.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>